So I see your browser exploit has refused to attack due to some kind of unmet requirements. Typically this means one of the following:

* Your target doesn't have the right conditions to be exploited.
* Your target isn't vulnerable at all.

The exploit should say what requirements are not met. The requirements are explained here:


| Key | Description |
| --- | ----------- |
| **:source** | Target has JavaScript disabled. |
| **:ua_name** | Target isn't using the preferred browser. For example: Firefox, IE. |
| **:ua_ver** | Target isn't using the preferred browser version. |
| **:os_name** | Target isn't using the preferred operating system. |
| **:os_flavor** | This has been deprecated. If you see this, your Metasploit is most likely out of date. |
| **:language** | Target isn't using the preferred OS language. |
| **:arch** | Target isn't on the preferred architecture. For example: x86/x64 |
| **:proxy** | Target has a proxy. |
| **:silverlight** | Target doesn't have Silverlight installed. |
| **:office** | Target doesn't have the preferred version of Microsoft Office installed, so the exploit cannot bypass DEP. |
| **:java** | Target doesn't have the preferred version of Java. Often this is used by exploits to bypass DEP. |
| **:clsid** | Target doesn't have the preferred ActiveX control. If this is the problem, you will only see a mismatch with :activex instead of :clsid. |
| **:method** | Target doesn't have the preferred ActiveX control. If this is the problem, you will only see a mismatch with :activex instead of :method. |
| **:mshtml_build** | Target isn't on the preferred build of Internet Explorer. Usually means only specific builds of IE are vulnerable. |
| **:flash** | Target isn't using the preferred version of Adobe Flash. Often this is used by exploits to leverage code execution. |
| **:vuln_test** | A custom JavaScript-based check. There should be a custom vuln_test_error message explaining why on msfconsole. |


### How to manually check requirement comparisons:

If you'd like to check the comparisons, simply set VERBOSE to true. The following is an example:

```msf
msf exploit(ms13_022_silverlight_script_object) > set VERBOSE true
VERBOSE => true
msf exploit(ms13_022_silverlight_script_object) > run
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.64:4444 
[*] Using URL: http://0.0.0.0:8080/SHIzaS2aZxIA6
msf exploit(ms13_022_silverlight_script_object) >
[*]  Local IP: http://192.168.1.64:8080/SHIzaS2aZxIA6
[*] Server started.
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Received cookie 'sVfdquJGHzpHyLItxoTgeJI'.
[*] 192.168.1.80     ms13_022_silverlight_script_object - Gathering target information.
[*] 192.168.1.80     ms13_022_silverlight_script_object - Sending response HTML.
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Info receiver page called.
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Received cookie 'ZnKtXOQIvxAclSrEOxJ'.
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Received sniffed browser data over POST: 
{"os_name"=>["Microsoft Windows"], "os_flavor"=>["XP"], "ua_name"=>["MSIE"], "ua_ver"=>["8.0"], "arch"=>["x86"], "java"=>["null"], "silverlight"=>["false"], "flash"=>["null"], "office"=>["null"], "mshtml_build"=>["18702"]}.
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Received cookie 'ZnKtXOQIvxAclSrEOxJ'.
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Serving exploit to user with tag ZnKtXOQIvxAclSrEOxJ
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Setting target "ZnKtXOQIvxAclSrEOxJ" to :tried.
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Comparing requirement: source=(?i-mx:script|headers) vs k=script
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Comparing requirement: os_name=Microsoft Windows vs k=Microsoft Windows
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Comparing requirement: ua_name=MSIE vs k=MSIE
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Comparing requirement: silverlight=true vs k=false
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Comparing requirement: arch=x86 vs k=x86
[!] 192.168.1.80     ms13_022_silverlight_script_object - Exploit requirement(s) not met: silverlight
```

### Related Reading:

- [[How to write a browser exploit using BrowserExploitServer]]
